StatPress/StatPress Reloaded – SQL Injections

iriStatAppend()

// URL (requested)
$urlRequested = iri_StatPress_URL();
...
$referrer = (isset($_SERVER['HTTP_REFERER']) ? htmlentities($_SERVER['HTTP_REFERER']) : '');
...
$insert = "INSERT INTO " . $table_name . " (date, time, ip, urlrequested, agent, referrer, search,nation,os,browser,searchengine,spider,feed,user,timestamp) " . "VALUES ('$vdate','$vtime','$ipAddress','$urlRequested','" . addslashes(strip_tags($userAgent)) . "','$referrer','" . addslashes(strip_tags($search_phrase)) . "','" . iriDomain($ipAddress) . "','$os','$browser','$searchengine','$spider','$feed','$userdata->user_login','$timestamp')";
$results = $wpdb->query($insert);

iri_StatPress_Vars()

if (strpos(strtolower($body), "%thistotalvisits%") !== false)
{
    $qry = $wpdb->get_results("SELECT count(DISTINCT(ip)) as pageview FROM $table_name WHERE spider='' and feed='' AND urlrequested='" . iri_StatPress_URL() . "';");
    $body = str_replace("%thistotalvisits%", $qry[0]->pageview, $body);
}

There are more vulnerabilities, including SQL injection (such as in iriStatPressSearch()) and cross-site scripting.
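
A parameterized form of the two queries quoted above, as an added example that is not StatPress code. Both excerpts place request-derived values between single quotes in the SQL text, and `htmlentities()` is an HTML encoder that, with its default flags before PHP 8.1, leaves single quotes untouched. The function names and the `$row` array are hypothetical, and the code assumes it runs inside WordPress with a `wpdb` instance available.

```php
<?php
// Added example, not StatPress code. Assumes WordPress is loaded, so the wpdb
// class exists; both function names and the $row array are hypothetical.

// Parameterized form of the INSERT in iriStatAppend().
function example_stat_append(wpdb $wpdb, string $table_name, array $row)
{
    // Column list copied from the original INSERT statement.
    $columns = array('date', 'time', 'ip', 'urlrequested', 'agent', 'referrer',
        'search', 'nation', 'os', 'browser', 'searchengine', 'spider', 'feed',
        'user', 'timestamp');

    $data = array();
    foreach ($columns as $column) {
        // Store the raw value. HTML encoding belongs at output time and is
        // not a substitute for SQL escaping.
        $data[$column] = isset($row[$column]) ? (string) $row[$column] : '';
    }

    // wpdb::insert() binds each value; with no format argument every value
    // is treated as a string. Returns the number of rows inserted or false.
    return $wpdb->insert($table_name, $data);
}

// Parameterized form of the %thistotalvisits% query in iri_StatPress_Vars().
function example_this_total_visits(wpdb $wpdb, string $table_name, string $url_requested)
{
    // $table_name is an identifier, not a value, so it is interpolated. It
    // must be built by plugin code only, never from request data.
    $sql = $wpdb->prepare(
        "SELECT count(DISTINCT(ip)) AS pageview FROM $table_name
         WHERE spider = '' AND feed = '' AND urlrequested = %s",
        $url_requested
    );

    // get_var() returns the single count column, or null if the query fails.
    return (int) $wpdb->get_var($sql);
}
```

Because the count is cast to an integer before it reaches `str_replace()`, the value substituted for `%thistotalvisits%` cannot carry markup into the page.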
